As some door and window companies require temperature checks amid the COVID-19 pandemic, one employee now alleges that the practice led to unlawful storage of other biometric data.
Brooks Olds was employed by Pella Corp. at its Macomb, Ill., location from November 11, 2019, to December 15, 2020. In a putative class action filed March 3, involving more than 500 employees, Olds alleges that Pella required his temperature to be taken before the start of each workday “by a device that functioned, in part, by scanning” his facial geometry. His biometrics were stored in a database, court documents say, and he was never informed of how long the company would store or “the specific limited purposes” for the data. Olds was also never informed of when his biometric data would be deleted from Pella’s database, the case alleges.
“Plaintiff has never been provided with nor ever signed a written release allowing defendant to collect, capture, store, or otherwise obtain his handprint, hand geometry, or other biometrics,” the suit alleges.
The suit also alleges that Olds “has continuously and repeatedly been exposed to the risks and harmful conditions” created by Pella’s violations of BIPA, including not obtaining “employees’ executed written release as a condition of employment.”
Pella’s use of biometrics “benefits only” Pella, the lawsuit alleges, adding, “There is no corresponding benefit to employees: Defendant has required or coerced employees to comply in order to receive a paycheck, after they have been committed to the job.”
Chicago and other municipalities in Illinois began in the early 2000s “to test ‘new applications of biometric-facilitated financial transactions, including finger-scan technologies at grocery stores, gas stations, and school cafeterias,’” court documents state.
In late 2007, Pay by Touch, a biometrics company, filed for bankruptcy after providing fingerprint scanners to retailers in Illinois for consumer transactions. The State of Illinois was alarmed by the bankruptcy, because a third party had access to biometric identifiers, which could be linked to sensitive financial and personal data, court documents say. Pay by Touch could sell this information, court documents suggest.
The Biometric Information Privacy Act was enacted in mid-2008 in Illinois. Texas and Washington also have biometric privacy laws, and Maryland and New York are expected to follow.
When BIPA was enacted in mid-2008, according to the lawsuit, most companies that had “experimented using employees’ biometric data as an authentication method stopped doing so.”
Olds v. Pella Corp. alleges that Pella “disregarded these obligations” as mandated by BIPA, “and instead unlawfully collected, stored, and used employees’ biometric identifiers and information, without ever receiving the individual’s written consent as required by BIPA” in the state of Illinois.
The lawsuit suggests that, while an individual can obtain a new social security number, he or she cannot be reassigned another individual’s face or biometric data, which makes “biometric identifiers and biometric information particularly important.” Olds and his co-workers may be aggrieved, according to court documents, because Pella “may have improperly disclosed employees’ biometrics to third-party vendors in violation of BIPA” and because Pella failed “to destroy their biometric data when the initial purpose for collecting or obtaining such data has been satisfied or within three years of employees’ last interactions with the company.”
Olds seeks $5,000 “in statutory damages for each of three separate claims under BIPA.”
“Even assuming each putative class member can recover only $5,000 for each claim, the total amount in controversy exceeds $5,000,000,” court documents state.